* Attribute Manipulation Functions *
* *
****************************************************************************/
/* Find information on an attribute.  The lookups below take the list as a
   const pointer; the five find functions return a non-const ATTRIBUTE_LIST
   pointer into it, so a caller holding only a const list can still obtain
   a writable entry.
   NOTE(review): the not-found result (presumably NULL) is not visible in
   this header - confirm, and check the result before dereferencing */
/* Look up an attribute by its OID.  The oid is passed without a length
   argument.
   NOTE(review): presumably the encoded OID carries its own length - confirm
   that the implementation bounds the read on the oid buffer */
ATTRIBUTE_LIST *findAttributeByOID( const ATTRIBUTE_LIST *attributeListPtr,
const BYTE *oid );
/* Look up by attributeID; isFieldID presumably selects whether the ID is
   interpreted as a field ID rather than an attribute ID - TODO confirm */
ATTRIBUTE_LIST *findAttribute( const ATTRIBUTE_LIST *attributeListPtr,
const CRYPT_ATTRIBUTE_TYPE attributeID,
const BOOLEAN isFieldID );
/* Look up by field ID plus sub-field ID */
ATTRIBUTE_LIST *findAttributeField( const ATTRIBUTE_LIST *attributeListPtr,
const CRYPT_ATTRIBUTE_TYPE fieldID,
const CRYPT_ATTRIBUTE_TYPE subFieldID );
/* Look up by field ID only.
   NOTE(review): how this differs from findAttributeField() is not visible
   here - see the implementation */
ATTRIBUTE_LIST *findAttributeFieldEx( const ATTRIBUTE_LIST *attributeListPtr,
const CRYPT_ATTRIBUTE_TYPE fieldID );
/* Presumably advances from the given entry to the next instance of the
   same field - TODO confirm */
ATTRIBUTE_LIST *findNextFieldInstance( const ATTRIBUTE_LIST *attributeListPtr );
/* Returns an int for the given field ID.
   NOTE(review): whether a negative result is an error status or a valid
   default is not visible here - confirm before using the value */
int getDefaultFieldValue( const CRYPT_ATTRIBUTE_TYPE fieldID );
/* Presence test for a field in the list, returned as a BOOLEAN */
BOOLEAN checkAttributePresent( const ATTRIBUTE_LIST *attributeListPtr,
const CRYPT_ATTRIBUTE_TYPE fieldID );
/* Move the current attribute cursor.  Takes the current cursor as a const
   pointer and returns a non-const ATTRIBUTE_LIST pointer.
   NOTE(review): the accepted values for position and the result when the
   move is not possible (presumably NULL) are not visible in this header -
   confirm, and check the result before use */
ATTRIBUTE_LIST *moveAttributeCursor( const ATTRIBUTE_LIST *currentCursor,
const CRYPT_ATTRIBUTE_TYPE certInfoType,
const int position );
/* Add/delete attributes/attribute fields.  The list head is passed as a
   pointer-to-pointer throughout, so these functions can replace the
   caller's head pointer.  All lengths are signed ints.
   NOTE(review): the int results are presumably cryptlib status codes -
   confirm, and do not ignore them since a failed add/copy would otherwise
   leave a certificate object with missing attributes */
/* Add a complete attribute identified by OID.  The oid has no accompanying
   length; data is dataLength bytes.
   NOTE(review): confirm that dataLength is range-checked (non-negative and
   bounded) before data is read */
int addAttribute( const ATTRIBUTE_TYPE attributeType,
ATTRIBUTE_LIST **listHeadPtr, const BYTE *oid,
const BOOLEAN critical, const void *data,
const int dataLength, const int flags );
/* Add a single field.  errorLocus and errorType are non-const out
   parameters, presumably set to the offending attribute and the kind of
   error when the add is rejected - TODO confirm */
int addAttributeField( ATTRIBUTE_LIST **attributeListPtr,
const CRYPT_ATTRIBUTE_TYPE fieldID,
const CRYPT_ATTRIBUTE_TYPE subFieldID,
const void *data, const int dataLength,
const int flags, CRYPT_ATTRIBUTE_TYPE *errorLocus,
CRYPT_ERRTYPE_TYPE *errorType );
/* Delete one field (listItem) from the list.  Both the list head and a
   cursor are passed by address.
   NOTE(review): presumably the cursor is adjusted when it refers to the
   deleted item, and listItem is invalid afterwards - confirm so that
   callers do not keep a dangling pointer.  The role of dnDataPtr is not
   visible in this header */
int deleteAttributeField( ATTRIBUTE_LIST **attributeListPtr,
ATTRIBUTE_LIST **listCursorPtr,
ATTRIBUTE_LIST *listItem,
const void *dnDataPtr );
/* Delete a whole attribute; same parameters as deleteAttributeField() and
   the same caveat about pointers into the list after the call */
int deleteAttribute( ATTRIBUTE_LIST **attributeListPtr,
ATTRIBUTE_LIST **listCursorPtr,
ATTRIBUTE_LIST *listItem,
const void *dnDataPtr );
/* Delete an entire attribute list.  Returns nothing.
   NOTE(review): presumably the head pointer is cleared - confirm */
void deleteAttributes( ATTRIBUTE_LIST **attributeListPtr );
/* Copy attributes from srcListPtr into the destination list.  Note that
   the source is non-const here, unlike the other copy functions below */
int copyAttributes( ATTRIBUTE_LIST **destListHeadPtr,
ATTRIBUTE_LIST *srcListPtr,
CRYPT_ATTRIBUTE_TYPE *errorLocus,
CRYPT_ERRTYPE_TYPE *errorType );
/* Copy attributes from an issuer's list for an object of the given type.
   NOTE(review): which attributes are selected is not visible here */
int copyIssuerAttributes( ATTRIBUTE_LIST **destListHeadPtr,
const ATTRIBUTE_LIST *srcListPtr,
const CRYPT_CERTTYPE_TYPE type,
CRYPT_ATTRIBUTE_TYPE *errorLocus,
CRYPT_ERRTYPE_TYPE *errorType );
/* Copy variants for OCSP requests and revocation information.  These two
   take no errorLocus/errorType, so the int result is the only failure
   indication */
int copyOCSPRequestAttributes( ATTRIBUTE_LIST **destListHeadPtr,
const ATTRIBUTE_LIST *srcListPtr );
int copyRevocationAttributes( ATTRIBUTE_LIST **destListHeadPtr,
const ATTRIBUTE_LIST *srcListPtr );
/* Read/write a collection of attributes.
   NOTE(review): the int results are presumably cryptlib status codes (or a
   byte count for sizeofAttributes()) - confirm */
/* Check a list of attributes of the given attributeType.  errorLocus and
   errorType are out parameters for the failure details */
int checkAttributes( const ATTRIBUTE_TYPE attributeType,
const ATTRIBUTE_LIST *listHeadPtr,
CRYPT_ATTRIBUTE_TYPE *errorLocus,
CRYPT_ERRTYPE_TYPE *errorType );
/* Size of the attribute list as an int.
   NOTE(review): presumably the encoded size, and presumably the value to
   pass to writeAttributes() as attributeSize - confirm */
int sizeofAttributes( const ATTRIBUTE_LIST *attributeListPtr );
/* Write the attribute list to a stream.  The list is non-const here */
int writeAttributes( STREAM *stream, ATTRIBUTE_LIST *attributeListPtr,
const CRYPT_CERTTYPE_TYPE type,
const int attributeSize );
/* Read attributes from a stream into a list.  This is a parser entry point:
   the stream contents are presumably taken from an externally-supplied
   certificate object, so attributeSize and every length inside the stream
   need to be treated as untrusted.
   NOTE(review): confirm that attributeSize is checked against the data
   actually available in the stream */
int readAttributes( STREAM *stream, ATTRIBUTE_LIST **attributeListPtrPtr,
const CRYPT_CERTTYPE_TYPE type, const int attributeSize,
CRYPT_ATTRIBUTE_TYPE *errorLocus,
CRYPT_ERRTYPE_TYPE *errorType );
/****************************************************************************
* *
* Validity/Revocation Information Manipulation Functions *
* *
****************************************************************************/
/* Read/write validity/revocation information.  Each entry kind (CRL, OCSP
   request, OCSP response, RTCS request, RTCS response) has a sizeof/read/
   write triple.  The sizeof functions take a non-const entry while the
   write functions take a const one.
   NOTE(review): the read functions are parser entry points for data that
   presumably originates from a remote CA or responder; confirm that each
   one bounds the number and size of entries it will accept.  The int
   results are presumably cryptlib status codes or sizes - confirm */
/* CRL entries.  readCRLentry() reports failure details via errorLocus and
   errorType */
int sizeofCRLentry( REVOCATION_INFO *crlEntry );
int readCRLentry( STREAM *stream, REVOCATION_INFO **listHeadPtr,
CRYPT_ATTRIBUTE_TYPE *errorLocus,
CRYPT_ERRTYPE_TYPE *errorType );
int writeCRLentry( STREAM *stream, const REVOCATION_INFO *crlEntry );
/* OCSP request entries.  The read function takes a CERT_INFO pointer
   instead of errorLocus/errorType */
int sizeofOcspRequestEntry( REVOCATION_INFO *ocspEntry );
int readOcspRequestEntry( STREAM *stream, REVOCATION_INFO **listHeadPtr,
CERT_INFO *certInfoPtr );
int writeOcspRequestEntry( STREAM *stream, const REVOCATION_INFO *ocspEntry );
/* OCSP response entries.  The write function additionally takes a time_t
   entryTime */
int sizeofOcspResponseEntry( REVOCATION_INFO *ocspEntry );
int readOcspResponseEntry( STREAM *stream, REVOCATION_INFO **listHeadPtr,
CERT_INFO *certInfoPtr );
int writeOcspResponseEntry( STREAM *stream, const REVOCATION_INFO *ocspEntry,
const time_t entryTime );
/* RTCS request entries, held in VALIDITY_INFO rather than REVOCATION_INFO */
int sizeofRtcsRequestEntry( VALIDITY_INFO *rtcsEntry );
int readRtcsRequestEntry( STREAM *stream, VALIDITY_INFO **listHeadPtr,
CERT_INFO *certInfoPtr );
int writeRtcsRequestEntry( STREAM *stream, const VALIDITY_INFO *rtcsEntry );
/* RTCS response entries.  isFullResponse is passed to all three functions,
   so the same value presumably has to be used for sizing and writing -
   TODO confirm */
int sizeofRtcsResponseEntry( VALIDITY_INFO *rtcsEntry,
const BOOLEAN isFullResponse );
int readRtcsResponseEntry( STREAM *stream, VALIDITY_INFO **listHeadPtr,
CERT_INFO *certInfoPtr,
const BOOLEAN isFullResponse );
int writeRtcsResponseEntry( STREAM *stream, const VALIDITY_INFO *rtcsEntry,
const BOOLEAN isFullResponse );
/* Add/delete a validity/revocation entry.  The add functions take the list
   head and a newEntryPosition by address; newEntryPosition is presumably
   set to the entry that was added - TODO confirm.  value is valueLength
   bytes, with valueLength a signed int */
int addValidityEntry( VALIDITY_INFO **listHeadPtr,
VALIDITY_INFO **newEntryPosition,
const void *value, const int valueLength );
/* As addValidityEntry() but for revocation entries, with the value typed
   by valueType.
   NOTE(review): noCheck presumably disables a check performed on add (for
   example for an existing entry) - confirm what is skipped before passing
   TRUE for data that has not been validated */
int addRevocationEntry( REVOCATION_INFO **listHeadPtr,
REVOCATION_INFO **newEntryPosition,
const CRYPT_KEYID_TYPE valueType,
const void *value, const int valueLength,
const BOOLEAN noCheck );
/* Delete a complete list of entries.  No status is returned */
void deleteValidityEntries( VALIDITY_INFO **listHeadPtr );
void deleteRevocationEntries( REVOCATION_INFO **listHeadPtr );
/* Copy a set of validity/revocation entries from a const source list into
   the destination list, whose head is passed by address.
   NOTE(review): the int result is presumably a cryptlib status code; what
   state the destination is left in on failure is not visible here */
int copyValidityEntries( VALIDITY_INFO **destListHeadPtr,
const VALIDITY_INFO *srcListPtr );
int copyRevocationEntries( REVOCATION_INFO **destListHeadPtr,
const REVOCATION_INFO *srcListPtr );
/* Determine whether a cert has been revoked by this CRL/OCSP response.  The
   cert is const; the revocation object is non-const.
   NOTE(review): the result is a plain int and which value means "revoked"
   as opposed to "not revoked" or "error" is not visible in this header.
   Confirm the convention before testing the result, since treating an
   error status as "not revoked" would fail open */
int checkRevocation( const CERT_INFO *certInfoPtr, CERT_INFO *revocationInfoPtr );
/****************************************************************************
* *
* Certificate Checking Functions *
* *
****************************************************************************/
/* Check a certificate object against its issuer.  The subject is non-const
   and the issuer is const; errorLocus and errorType are out parameters for
   the failure details.
   NOTE(review): shortCircuitCheck presumably reduces the set of checks
   performed - confirm which checks are skipped before enabling it on a
   path that makes a trust decision */
int checkCert( CERT_INFO *subjectCertInfoPtr,
const CERT_INFO *issuerCertInfoPtr,
const BOOLEAN shortCircuitCheck,
CRYPT_ATTRIBUTE_TYPE *errorLocus,
CRYPT_ERRTYPE_TYPE *errorType );
/* Check a certificate chain.  No errorLocus/errorType is passed, so any
   failure details are presumably recorded in certInfoPtr - TODO confirm */
int checkCertChain( CERT_INFO *certInfoPtr );
/* Certificate key check flags. These are:
FLAG_NONE: No specific check.
FLAG_CA: Certificate must contain a CA key.
FLAG_PRIVATEKEY: Check for constraints on the corresponding private
key's usage, not just the public key usage.
FLAG_GENCHECK: Perform a general check that the key usage details are
in order, without checking for a particular usage.
   Each flag is a distinct bit.  Note that CHECKKEY_FLAG_NONE is the bit
   0x01 and not zero, so a flags value of 0 is not the same thing as
   CHECKKEY_FLAG_NONE */
#define CHECKKEY_FLAG_NONE 0x01 /* No specific checks */
#define CHECKKEY_FLAG_CA 0x02 /* Must be CA key */
#define CHECKKEY_FLAG_PRIVATEKEY 0x04 /* Check priv.key constraints */
#define CHECKKEY_FLAG_GENCHECK 0x08 /* General details check */
/* NOTE(review): going by the name this derives a key usage value from the
   extended key usage in the cert; whether the int result is the usage
   value or a status code is not visible here - confirm */
int getKeyUsageFromExtKeyUsage( const CERT_INFO *certInfoPtr,
CRYPT_ATTRIBUTE_TYPE *errorLocus,
CRYPT_ERRTYPE_TYPE *errorType );
/* Check the key usage of a cert.  flags presumably takes the CHECKKEY_FLAG
   values defined above - TODO confirm.  specificUsage and complianceLevel
   are plain ints whose valid values are defined elsewhere.
   NOTE(review): callers that need a CA key have to request it explicitly
   via the flags; nothing in this signature enforces it */
int checkKeyUsage( const CERT_INFO *certInfoPtr,
const int flags, const int specificUsage,
const int complianceLevel,
CRYPT_ATTRIBUTE_TYPE *errorLocus,
CRYPT_ERRTYPE_TYPE *errorType );
/* Check cert constraints.  Each function checks a const subject cert
   against a const list of issuer attributes and reports failure details
   via errorLocus and errorType.
   NOTE(review): the int results are presumably cryptlib status codes -
   confirm.  All three are separate calls, so a caller validating a path
   has to invoke each one that applies */
/* Name constraints.
   NOTE(review): the meaning of matchValue (presumably selecting between
   permitted and excluded subtree matching) is not visible here - confirm */
int checkNameConstraints( const CERT_INFO *subjectCertInfoPtr,
const ATTRIBUTE_LIST *issuerAttributes,
const BOOLEAN matchValue,
CRYPT_ATTRIBUTE_TYPE *errorLocus,
CRYPT_ERRTYPE_TYPE *errorType );
/* Policy constraints for the given policyType */
int checkPolicyConstraints( const CERT_INFO *subjectCertInfoPtr,
const ATTRIBUTE_LIST *issuerAttributes,
const POLICY_TYPE policyType,
CRYPT_ATTRIBUTE_TYPE *errorLocus,
CRYPT_ERRTYPE_TYPE *errorType );
/* Path constraints, evaluated at the given complianceLevel */
int checkPathConstraints( const CERT_INFO *subjectCertInfoPtr,
const ATTRIBUTE_LIST *issuerAttributes,
const int complianceLevel,
CRYPT_ATTRIBUTE_TYPE *errorLocus,
CRYPT_ERRTYPE_TYPE *errorType );
/* Sign/sig check a certificate.  signCert() takes the signing key as a
   CRYPT_CONTEXT; checkCertValidity() takes the checking key as a
   CRYPT_HANDLE.  Both take the cert as non-const.
   NOTE(review): the int results are presumably cryptlib status codes.
   Whether checkCertValidity() covers anything beyond the signature (for
   example validity dates or revocation) is not visible in this header -
   confirm before relying on it as the sole trust check */
int signCert( CERT_INFO *certInfoPtr, const CRYPT_CONTEXT signContext );
int checkCertValidity( CERT_INFO *certInfoPtr, const CRYPT_HANDLE sigCheckKey );
/****************************************************************************
* *
* Certificate Chain Functions *
* *
****************************************************************************/
/* Read/write/copy a certificate chain */
/* Read a chain from a stream and return a certificate handle through
   iCryptCert.  keyID is keyIDlength bytes, typed by keyIDtype.
   NOTE(review): this is a parser entry point for data that is presumably
   externally supplied; confirm that the number of certs in the chain and
   keyIDlength are bounded.  dataOnlyCert presumably creates the cert
   without an associated key context - TODO confirm */
int readCertChain( STREAM *stream, CRYPT_CERTIFICATE *iCryptCert,
const CRYPT_USER cryptOwner,
const CRYPT_CERTTYPE_TYPE type,
const CRYPT_KEYID_TYPE keyIDtype,
const void *keyID, const int keyIDlength,
const BOOLEAN dataOnlyCert );
/* Write the chain held in certInfoPtr to a stream */
int writeCertChain( STREAM *stream, const CERT_INFO *certInfoPtr );
/* Copy a chain from the certChain handle into certInfoPtr.
   NOTE(review): isCertCollection presumably indicates an unordered set of
   certs rather than an ordered chain - confirm */
int copyCertChain( CERT_INFO *certInfoPtr, const CRYPT_HANDLE certChain,
const BOOLEAN isCertCollection );
/* Read/write cert collections in assorted formats.  Only the sizeof and
   write functions are declared here; both take the same const cert and
   certFormatType.
   NOTE(review): presumably the size returned for a given certFormatType is
   what the write for that format will emit - confirm, since the write
   function takes no length limit of its own */
int sizeofCertCollection( const CERT_INFO *certInfoPtr,
const CRYPT_CERTFORMAT_TYPE certFormatType );
int writeCertCollection( STREAM *stream, const CERT_INFO *certInfoPtr,
const CRYPT_CERTFORMAT_TYPE certFormatType );
/* Assemble a cert chain from certs read from an object.  The result is
   returned through iCertificate; the certs come from the iCertSource
   handle and the starting cert is presumably selected by keyIDtype/keyID
   (keyIDlength bytes) - TODO confirm.
   NOTE(review): the values accepted in options are not visible here.
   Assembling a chain is not the same as validating it, so confirm whether
   the result still needs to be passed through the chain check */
int assembleCertChain( CRYPT_CERTIFICATE *iCertificate,
const CRYPT_HANDLE iCertSource,
const CRYPT_KEYID_TYPE keyIDtype,
const void *keyID, const int keyIDlength,
const int options );
/****************************************************************************
* *
* Certificate Functions *
* *
****************************************************************************/
/* Create a certificate object ready for further initialisation.  The new
   object is returned through certInfoPtrPtr for the given owner and cert
   type.
   NOTE(review): the int result is presumably a cryptlib status code, and
   the value left in *certInfoPtrPtr on failure is not visible here -
   confirm before using the pointer */
int createCertificateInfo( CERT_INFO **certInfoPtrPtr,
const CRYPT_USER cryptOwner,
const CRYPT_CERTTYPE_TYPE certType );
/* Add/get/delete a certificate component, selected by certInfoType */
/* Add a component of certInfoLength bytes.
   NOTE(review): certInfoLength is a signed int - confirm that it is
   range-checked before certInfo is read */
int addCertComponent( CERT_INFO *certInfoPtr,
const CRYPT_ATTRIBUTE_TYPE certInfoType,
const void *certInfo, const int certInfoLength );
/* Get a component into the caller's certInfo buffer, with the length
   returned through certInfoLength.
   NOTE(review): no separate capacity argument for certInfo is visible in
   this signature.  Confirm how the write is bounded (for example whether
   certInfoLength is in/out, or whether callers first query the length
   with a NULL buffer) so that a caller cannot be handed more data than
   its buffer holds */
int getCertComponent( CERT_INFO *certInfoPtr,
const CRYPT_ATTRIBUTE_TYPE certInfoType,
void *certInfo, int *certInfoLength );
/* Delete the component selected by certInfoType */
int deleteCertComponent( CERT_INFO *certInfoPtr,
const CRYPT_ATTRIBUTE_TYPE certInfoType );
/* Import/export a certificate */
/* Import an encoded object of certObjectLength bytes and return a handle
   through certificate.  Note that formatType is a CERTFORMAT_TYPE here,
   whereas exportCert() takes a CRYPT_CERTFORMAT_TYPE.
   NOTE(review): certObject is presumably untrusted external data, so this
   is the outermost parser entry point; confirm that certObjectLength is
   range-checked and that every nested length is validated against it */
int importCert( const void *certObject, const int certObjectLength,
CRYPT_CERTIFICATE *certificate,
const CRYPT_USER cryptOwner,
const CRYPT_KEYID_TYPE keyIDtype,
const void *keyID, const int keyIDlength,
const CERTFORMAT_TYPE formatType );
/* Export the cert into the caller's certObject buffer, returning the
   length through certObjectLength.  maxLength is passed alongside the
   buffer, presumably as its capacity - TODO confirm that the write is
   bounded by it */
int exportCert( void *certObject, int *certObjectLength,
const CRYPT_CERTFORMAT_TYPE certFormatType,
const CERT_INFO *certInfoPtr, const int maxLength );
/* Oddball routines: work with a certificate's serial number */
/* Set the serial number from serialNumberLength bytes.
   NOTE(review): serialNumberLength is a signed int - confirm that it is
   range-checked before serialNumber is read */
int setSerialNumber( CERT_INFO *certInfoPtr, const void *serialNumber,
const int serialNumberLength );
/* Compare a serial number in canonical form against another serial number,
   each with its own length.
   NOTE(review): the result convention (zero for equal as with memcmp(), or
   a boolean) is not visible in this header.  Confirm it before testing the
   result, since an inverted test in a revocation lookup would match the
   wrong certs */
int compareSerialNumber( const void *canonSerialNumber,
const int canonSerialNumberLength,
const void *serialNumber,
const int serialNumberLength );
#endif /* _CERT_DEFINED */